HAMSTER Outline

0 Abstract

0 Acknowledgment

1 Introduction
1.1 Statement of the Problem
1.2 Objectives
1.3 Scope of the Study
1.4 Significance of this Study

2 Review of the State of the Art
2.1 Security
2.1.1 AES - Advanced Encryption Standard
2.1.2 CBC - Cipher Block Chaining
2.1.3 RSA - Rivest-Shamir-Adleman
2.1.4 MD5 - Message Digest 5
2.2 Streaming
2.2.1 HTTP - Hypertext Transfer Protocol
2.2.2 RTP - Real-time Transport Protocol
2.2.3 J2ME - Java 2 Micro Edition
2.2.4 Wireless Toolkit
2.2.5 Nokia Prototype Standard Development Kit
2.3 Video Sharing
2.3.1 [Existing Mobile Streaming]
2.3.2 [Existing Webapp Streaming]

3 Methodology
3.1 Cryptosytem
3.1.1 Registration
3.1.2 Transmission
3.2 Streaming
3.2.1 Request - Reply
3.2.2 Transmission
3.2.3 Playback
3.3 Profiles
3.3.1 User
3.3.2 Video

4 Experiments and Analysis
4.1 The HAMSTER Video Database
4.2 Performance of Public Key Cryptography
4.3 Performance of AES
4.4 Performance of HTTP Streaming
4.5

5 Conclusions
5.1 Conclusions
5.2 Summary of Contributions
5.3 Future Research

6 References

7 Appendices
A Acronyms
B Screenshots
C Developers Manual
D Users Manual

Shozu

http://www.shozu.com/portal/tour.do?operation=features

Baka meron pang ibang ganito dito.

Prefetching and Buffering

http://java.sun.com/j2me/docs/html/docs/MMAPorting.pdf

Nokia Untrusted Domains

May prob sa Nokia ang app natin kasi hindi pwedeng magdownload at i-write sa phone memory. Viewing lang. So webapp na lang ang downloading. Or i-bluetooth. SERVER-->PHONE-->PC.

Magkakaroon din tayo ng problem sa decryption/encryption dahil may temp variables ako na nagwrite kasi important siya sa pagconvert ng int[] array to streams.

Sigh

Candies

Ei, pwede po ba tayong makagawa ng Icons for our SINFINITY Mobile forms, :D

Dun po sa candy icons (parang dun sa Pintig), sana makagawa po for Sinfinity.

a. Sinfinity logo (small, medium, large)
b. Online and offline users logo parang smileys sa YM (small)
c. Stream Video [view-only] (medium)
d. Download Video (medium)
e. Generic bullets for list (small diff colors)
f. Generic arrows. (small) Kasi na-implement ang first, 2nd, 3rd degree friendship.
g. Sign-up logo (small, medium, logo)
h. Login logo (medium)
i. Connecting... Waiting... "timer / gauge" gif (medium)
j. Video logo (medium, large)
k. Friends logo

Nice din sana kung meron tayong Nokia THEME. Di ba may THEMES ang MMS Nokia phone. Sana meron ding SINFINITY theme. Mayroong THEME-creator ang Nokia SDK. :D Parang ito yung magiging Wallpaper or Background desktop ng Nokia Main menu. :D Try ko ring aralin since meron naman tayong SINFINITY logo.

----------

Di ba ang HAMSTER is the platform. Iba pa rin yung services, right?
Kaya nabuo ang SINFINITY, right? So given ang HAMSTER, marami tayong services na
pwedeng gawin right? Sa Feb 25 at possibly sa URC, gusto ko sana
i-propose the following services...

1. SINFINITY -- siyempre ito ang Service Foundation. Iniisip ko na yung one-stop sign-in sa lahat ng services. Parang yung SINFINITY kasi ang storage and sharing service natin. So kapag nag-sign sila sa service natin, pwede na rin nilang makuha yung ibang services.

2. MOR.PH or MORF ( MObile Reality PHilippines or MObile Real Feed ) - a.k.a. RSS/XML feed with Video Streaming. So depende sa categories na gusto mong matanggap, may darating sa yung Broadcast Messages. So kung News, Sports... Tapos kung gusto mo siyang ma-view, eh di i-HAMSTER natin.

3. VBOX, BlogBOX (Videoke Bluetooth On-the-go Xtreaming) - Bluetooth On-the-go Xtreaming is an extension of our HAMSTER. Pwede kasi yung isang node dun sa piconet ay nakaconnect sa HTTP so parang siya ang MASTER sa piconet na yun, tapos pwede niyang i-stream ang video files in its network. Tapos yung video file na ito ay Videoke! Inspired by KMast ng 165 Juniors at ng All-Star K! Pwedeng solo o group videoke singing. Tapos depende sa genre/artist na trip ng isa o ng grupo, darating sa kanila ang available na videoke.

Ayun po.

Hindi ko naman po ni-rerequire kayo na gumawa pa ng classes or mag-code for 2 and 3. In fact, ok na ang SINFINITY. I believe din na mas mapakita pang lalo ang kagandahan ng HAMSTER if we feature other services.

Actually yun pong 2 and 3 eh akin pong future development projects . Nilahad ko lamang po dito baka kasi magulat kayo sa presentation / demo kapag isinama ko. Ayaw ko namang maka-offend. Yung BOX Bluetooth On-the-go Xtreaming na rin kasi ang magiging basis ng master's thesis (nyak! ang aga!) seriously at freelance softdev (lagot sa HP!)

The table is open naman for other services na maisip ninyo. Naaalala ninyo ba ang mga possible applications na cite natin sa marketing congress? We can create our own service development project for each field di ba?

Ayun po.

Nokia Development

Downloaded:

1. Carbride_j_v1_0_1
2. nS60_jme_sdk_3rd
3. nptsdk_jme_v4_0

Installation Options:

Select 'Integrate with Eclipse'


------


Currently, we're experiencing problems with Nokia supported classes. Kahit na gumagana ang classes natin sa J2ME. We have to tweak the code to support Nokia platform. Ang obvious pa lang na nakikita ko ay ang FileConnection classes. Ito dapat ang ginamit at hindi ang java.io Classes. Hindi pa ako sure sa ibang classes na kailangan i-tweak. But this is (kinda) frustrating. Of course, we all want to deploy these stuff sa Nokia phone ni Phillip at ng Globe di ba?

If hindi mahabol sa 25, mapipilitan akong gumamit ng Bluetooth. So from the emulator phone, stream niya ito to Bluetooth-enable device. Parang yung sa Pintig natin. Disappointment.

Pero hindi naman dapat makaapekto ito. Motivated pa rin naman dahil at least tapos na ang 'HAMSTER Foundation' or the basic functionalities.

Sigh.

Yey!*

1. Finally, nagawa ko na rin ang Player ng video stream
2. We don't need the XML thingy na. Although, maganda talaga ang XML, pero magastos sa bytes. I mean, mas hahabang DataStream ang isesend kesa sa 'bulok'-y way / protocol.
Kahit separated with colon ':' lang yun the least number of bytes naman. 25Cents din yun kada kb.

TroubleShooting File Transfer

http://www.hcilab.org/documents/tutorials/PictureTransmissionOverHTTP/index.html
http://www-128.ibm.com/developerworks/wireless/library/wi-jio/
http://www.wirelessdevnet.com/channels/java/features/j2me_http.phtml

New Assignment

1. To handle a graceful exit among Socket Multithreaded Server and Socket Clients.

Here's where the SignUpModule got its base code.

http://java.sun.com/developer/onlineTraining/Programming/BasicJava2/socket.html

Currently, the exit is so 'bulok'-y.

Kapag nagclose ang isang client, namamatay din ang server dahil magkakaroon ng IOException na result ng exit ng client. The server should always run. Kahit ilang mag-connect and disconnect sa kanya.

Kailangan magclose ni client, dahil sa SignUp process natin, after niyang mareceive ang ACK. User can exit na.

2. See '24 - Final Season' post below.

3. I'm handling 0002 and 0003. Yung 0002, tulad ng nabanggit ko dati, depende sa SQL queries ang magiging form ng forms. Yung 0003. Ang problem ay yung transmission. May narereceive naman na packets from the server. Pero hindi ma-realize ng player ang stream maybe due to packet loss or reordering. Or sobrang laki ng files. Kaya kailangan ng buffering / prefetching.

4. If hindi pa rin ma-handle ang 0003, i'll try RTP and ProxyServer T_T . Yung Proxyserver ang nasa gitna ng mobile at HAMSTER server para maghandle ng packets.

5. Yung 0005. Hindi pa magagawa kasi dapat ma-ensure na nareceive nang tama ang packets.

Basically, once natapos ang [0001] o [0002 at 0003], notify. Para malaman kung anong module ang pwedeng gawin. It can be a module na hindi nakalista dito.

6. Gusto ko na sanang matapos ang [0001] at [0002 at 0003] kasi we can start document na. After kasi nito, na-solve na natin prob stated. Optimization na lang. Tapos we can add several SQL queries and additional web services. This is when we sell our project based on our features and services.

The Past

Receiving and Presenting RTP Media Streams

Why XML for future work?

Current HAMSTER client and server protocol in exchanging requests and responses is SO primitive. So 'bulok'-y.

Strings are upstreamed with the following format.

[response/request code]:[command1]:[command2]...[commandN]

Once received, they are tokenized.
Then, conversion is needed. Integer.parseInt() and so on.

But with XML...

XML as a Message Format

FROM: http://www.cafeconleche.org/books/xmljava/

One of the major uses of XML is for exchanging data between heterogenous systems. Given almost any collection of data, it’s straightforward to design some XML markup that fits it. Since XML is natively supported on essentially any platform of interest, you can send data encoded in such an XML application from point A to point B without worrying about whether point A and point B agree on how many bytes there are in a float, whether ints are big endian or little endian, whether strings are null delimited or use an initial length byte, or any of the myriad of other issues that arise when moving data between systems. As long as both ends of the connection agree on the XML application used, they can exchange information without worrying about what software produced the data. One side can use Perl and the other Java. One can use Windows and the other Unix. One can run on a mainframe and the other on a Mac. The document can be passed over HTTP, e-mail, NFS, BEEP, Jabber, or sneakernet. Everything except the XML document itself can be ignored.


Sigh.

Oh!

Yes, we can store and retrive BLOBs into and from database!

But they're gone after the transaction.

Because...

From http://www-css.fnal.gov/dsg/external/freeware/Repl_mysql_vs_psql.html

In Postgres, Large Objects are very special beasties. To create them special lo_create function is used that stores the result in a regular table. Large object support is broken in Postgres - pg_dump cannot dump LOBs; you need
to develop your own backup mechanism. To export Oracle raw data type it has to be the latest version of postgres jdbc driver. jdbc7.1-1.2.jar.does not work. Also, autocommit should be off, because the LargeObject reference is only valid within a transaction. As soon as the sql is executed to get the large object reference, it is autocommitted and then this reference can't be used anymore since the transaction ended. To turn autocommit off use the setAutoCommit() method in Connection:
Connection con = DriverManager.getConnection(url,user,password);
con.setAutoCommit(false);

Switch to MySQL?

Not yet. Future work na lang. Let's store na lang the directory path where the video and thumbnail is stored.

Advantage: Encryption and decryption become easier. I suppose.

Documentation Template & Req

A Generic Thesis Skeleton
1. Introduction

This is a general introduction to what the thesis is all about -- it is
not just a description of the contents of each section. Briefly summarize
the question (you will be stating the question in detail later), some of
the reasons why it is a worthwhile question, and perhaps give an overview
of your main results. This is a birds-eye view of the answers to the main
questions answered in the thesis (see above).

2. Background Information (optional)

A brief section giving background information may be necessary, especially
if your work spans two or more traditional fields. That means that your
readers may not have any experience with some of the material needed to
follow your thesis, so you need to give it to them. A different title than
that given above is usually better; e.g., "A Brief Review of Frammis
Algebra."

3. Review of the State of the Art

Here you review the state of the art relevant to your thesis. Again, a
different title is probably appropriate; e.g., "State of the Art in Zylon
Algorithms." The idea is to present (critical analysis comes a little bit
later) the major ideas in the state of the art right up to, but not
including, your own personal brilliant ideas.

You organize this section by idea, and not by author or by publication.
For example if there have been three important main approaches to Zylon
Algorithms to date, you might organize subsections around these three
approaches, if necessary:

3.1 Iterative Approximation of Zylons
3.2 Statistical Weighting of Zylons
3.3 Graph-Theoretic Approaches to Zylon Manipulation

4. Research Question or Problem Statement

Engineering theses tend to refer to a "problem" to be solved where other
disciplines talk in terms of a "question" to be answered. In either case,
this section has three main parts:

1. a concise statement of the question that your thesis tackles
2. justification, by direct reference to section 3, that your question is
previously unanswered
3. discussion of why it is worthwhile to answer this question.

Item 2 above is where you analyze the information which you presented in
Section 3. For example, maybe your problem is to "develop a Zylon
algorithm capable of handling very large scale problems in reasonable
time" (you would further describe what you mean by "large scale" and
"reasonable time" in the problem statement). Now in your analysis of the
state of the art you would show how each class of current approaches fails
(i.e. can handle only small problems, or takes too much time). In the last
part of this section you would explain why having a large-scale fast Zylon
algorithm is useful; e.g., by describing applications where it can be
used.

Since this is one of the sections that the readers are definitely looking
for, highlight it by using the word "problem" or "question" in the title:
e.g. "Research Question" or "Problem Statement", or maybe something more
specific such as "The Large-Scale Zylon Algorithm Problem."

5. Describing How You Solved the Problem or Answered the Question

This part of the thesis is much more free-form. It may have one or several
sections and subsections. But it all has only one purpose: to convince the
examiners that you answered the question or solved the problem that you
set for yourself in Section 4. So show what you did that is relevant to
answering the question or solving the problem: if there were blind alleys
and dead ends, do not include these, unless specifically relevant to the
demonstration that you answered the thesis question.

6. Conclusions

You generally cover three things in the Conclusions section, and each of
these usually merits a separate subsection:

1. Conclusions
2. Summary of Contributions
3. Future Research

Conclusions are not a rambling summary of the thesis: they are short,
concise statements of the inferences that you have made because of your
work. It helps to organize these as short numbered paragraphs, ordered
from most to least important. All conclusions should be directly related
to the research question stated in Section 4. Examples:

1. The problem stated in Section 4 has been solved: as shown in Sections ?
to ??, an algorithm capable of handling large-scale Zylon problems in
reasonable time has been developed.

2. The principal mechanism needed in the improved Zylon algorithm is the
Grooty mechanism.

3. Etc.

The Summary of Contributions will be much sought and carefully read by the
examiners. Here you list the contributions of new knowledge that your
thesis makes. Of course, the thesis itself must substantiate any claims
made here. There is often some overlap with the Conclusions, but that's
okay. Concise numbered paragraphs are again best. Organize from most to
least important. Examples:

1. Developed a much quicker algorithm for large-scale Zylon problems.

2. Demonstrated the first use of the Grooty mechanism for Zylon
calculations.

3. Etc.

The Future Research subsection is included so that researchers picking up
this work in future have the benefit of the ideas that you generated while
you were working on the project. Again, concise numbered paragraphs are
usually best.

7. References

The list of references is closely tied to the review of the state of the
art given in section 3. Most examiners scan your list of references
looking for the important works in the field, so make sure they are listed
and referred to in section 3. Truth be known, most examiners also look for
their own publications if they are in the topic area of the thesis, so
list these too. Besides, reading your examiner's papers usually gives you
a clue as to the type of questions they are likely to ask.

All references given must be referred to in the main body of the thesis.
Note the difference from a Bibliography, which may include works that are
not directly referenced in the thesis. Organize the list of references
either alphabetically by author surname (preferred), or by order of
citation in the thesis.

8. Appendices

What goes in the appendices? Any material which impedes the smooth
development of your presentation, but which is important to justify the
results of a thesis. Generally it is material that is of too nitty-gritty
a level of detail for inclusion in the main body of the thesis, but which
should be available for perusal by the examiners to convince them
sufficiently. Examples include program listings, immense tables of data,
lengthy mathematical proofs or derivations, etc.

Comments on the Skeleton
Again, the thesis is a formal document designed to address the examiner's
two main questions. Sections 3 and 4 show that you have chosen a good
problem, and section 5 shows that you solved it. Sections 1 and 2 lead the
reader into the problem, and section 6 highlights the main knowledge
generated by the whole exercise.

Note also that everything that others did is carefully separated from
everything that you did. Knowing who did what is important to the
examiners. Section 4, the problem statement, is the obvious dividing line.
That's the main reason for putting it in the middle in this formal
document.


Now, on to the last two requirements for CS 199, which are:

(1) Final demo

(2) Final bound copies of the thesis report

You have to finish (1) before you submit (2), but you can e-mail to me
drafts so that I can review (2) before you print and bind the report.

For (1), each group is asked to e-mail me their preferred date to demo
their application. The possible dates are: March 15, 18, 22 and 25.
The demo will be done during CS 199 class hours.

What is involved in a demo? You have to give me, on a CD or thumb
drive, an installer for your applications, with installation
instructions (text file also on the CD) if necessary. I should be able
to install and run your application from scratch. Please prepare test
data if it's necessary for your application (sample video clip, sample
malware, etc).

For (2), you have to give two hard-bound copies of the thesis report
by Saturday, April 1. The report should also include a CD with an
installer of the applications, the source code with compilation
instructions, and a soft copy of the thesis report in PDF format.

The Latex template for (2) is in the Files section of our Yahoo groups.

Please take note of the deadlines, particularly graduating students
whose grades are due by April 3.

-spf

ENCRYPTED ENTITIES

to be encrypted:

LARGE OBJECT
video.content


BYTEA
aes_keys.shared_key
format.format_code
format.file_extension
format.pixel_width
format.pixel_height
friendship.myself
friendship.friend
ownership.username
ownership.video_access_number
rsa_keys.public_exponent
rsa_keys.private_exponent
rsa_keys.modulus
rsa_keys.current_key
subscriber.username
subscriber.password

video table except thumbnail and content

24 - Final Season

PENDING TASKS (MOST TO NOT)

0001 Handle Graceful Exit of SocketServer and SocketClient
0002 Player(InputStream)
0003 Mobile Forms + SQL Query
0004 XML 
0005 Encrypt / Decrypt Entities
0006 Bluetooth
0007 Push Registry 
0008 Session

----

0001 Documentation

Storing Binary Data

http://pgsqld.active-venture.com/jdbc-binary-data.html
http://phpclub.ru/postgresql/doc/datatype-binary.html
http://www.castor.org/postgresql-blobs.html

Final Stretch

Date : Task

12   : Documentation (MIDlet, HTTPConnection)
13   : Develop      - ServerSocketConnection (Client, Multithreaded Server)
     : Integrate    - RSA (Decrypt, Encrypt)
     : Integrate    - TEA (Decrypt, Encrypt)                      
     : Integrate    - MD5   
14   : QualityCheck - HTTPConnection
     : Integrate    - AES (Encrypt, Decrypt)
     : Develop      - Mobile Forms
15   : Integrate    - Data Access     
16   : Develop      - Bluetooth 
17   : Develop      - Push Registry
18   : Develop      - Session
19   : Documentation (AES, RSA, Socket)
20   : Deployment   - Nokia 6630
21   : Deployment   - Nokia 6630
22   : QualityCheck - Nokia 6630
23   : Documentation (JMF, Recommendation, Future Works)
24   : Preparation  - Presentation Slides
25   : Presentation - GAMETEL + GLOBE + GODBLESS = GOOD GRADE * GRABE

J2ME Socket

http://students.if.itb.ac.id/~if11026/J2ME/J2ME%20Low-Level%20Network%20Programming%20with%20MIDP%202_0.htm

MMAPI

http://developers.sun.com/techtopics/mobility/midp/articles/mmapioverview/
http://developers.sun.com/techtopics/mobility/midp/articles/picture/
http://developers.sun.com/techtopics/mobility/apis/articles/mmapioptions/
http://www.hcilab.org/documents/tutorials/ImagePerformanceEvaluation/
http://java.sun.com/j2me/docs/alt-html/MMAPI-WP/mmapiwp4.html
http://www.informit.com/articles/article.asp?p=375708

Push Registry

http://developers.sun.com/techtopics/mobility/midp/articles/pushreg/

JBuilderX

http://cs.shinawatra.ac.th/cslabs/cs1002/JbuilderMIDP.htm

J2ME

http://java.sys-con.com/read/37376.htm?CFID=92452&CFTOKEN=69A0F8C7-FC63-B9A9-8B50F660626573FB

Documentation Topic Sentences 1

The Server

HAMSTER server is a Hypertext Transfer Protocol (HTTP) server because it uses HTTP to communicate with its two types of clients - mobile clients and web browsers.

It is also a Java-based web server which uses two important classes, java.net.Socket and java.net.ServerSocket.

Both types of clients communicate through HTTP messages.

The Clients

Mobile clients are running in Java 2 MicroEdition (J2ME) Platform under Mobile Information Device Profile 2.0 (MIDP) and Connected Limited Device Configuration 1.1 (CLDC) profiles. Currently, the MIDP technology supports the standard HTTP protocol.

Web clients can be users accessing the web server using an Internet browser or through sockets in a Java application (or applet).




Mobile Phones

MIDP 2.0 / CLDC 1.0

Nokia ser. 40
Nokia ser. 60
Siemens 65x
Motorola

MIDP 2.0 / CLDC 1.1

Nokia ser. 60, ser. 80, ser. 90,
Siemens 65x, 75x

www.devbg.org/seminars/seminar-3-december-2005/Plamen-Zheliazov-J2ME.ppt

Nokia

http://www.nokia.co.jp/forum/support/event/pdf/Nokia_Borcon2004_D2C4.pdf

MMAPI Nokia

http://www.bogor.net/idkf/bio2/mobile-docs/mmapi.pdf

Sign Up Module

Sign Up process is not advisable through web application because when we POST our form, we submit the values in clear. The only time we can manipulate the POST-ed data is when we process the data by the classes, which are located at the web server.

So, the Sign Up process can be done with Java application. That is, an application capable of contacting a web server. And this is a network-comma-socket programming.

http://www.onjava.com/pub/a/onjava/2003/04/23/java_webserver.html?page=1
http://www.davidreilly.com/java/java_network_programming/
Socket Multithreaded Server and Client
Socket Programming in Java - SMTP Example
Java Web Server and JSP
http://www.subrahmanyam.com/articles/servlets/ServletIssues.html

Servlet Conventions

1. Group .jsp and .html template files and place them in 'templates'.
2. .jsp 'data processors' should be named with prefix "do_" (i.e. do_login.jsp, do_signup.jsp)
3. Use data access objects rather putting the SQL queries and updates to the code

HAMSTER Database Data Dictionary - Unofficial

catalog_by_category
(
video_access_number int8 NOT NULL,
category varchar(50) NOT NULL,
CONSTRAINT by_category_pk PRIMARY KEY (video_access_number, category),
CONSTRAINT category FOREIGN KEY (video_access_number)
    REFERENCES video (video_access_number)
CONSTRAINT video_access_number FOREIGN KEY (video_access_number)
    REFERENCES video (video_access_number)
)

catalog_by_language
(
video_access_number int8 NOT NULL,
"language" varchar NOT NULL,
CONSTRAINT by_language_pk PRIMARY KEY (video_access_number, "language"),
CONSTRAINT "language" FOREIGN KEY ("language")
    REFERENCES "language" ("language")
CONSTRAINT video_access_number FOREIGN KEY (video_access_number)
    REFERENCES video (video_access_number)
)

category
(
category_title varchar(50) NOT NULL,
CONSTRAINT category_pk PRIMARY KEY (category_title)
)

comments
(
video_access_number int8 NOT NULL,
"comment" varchar(500) NOT NULL,
CONSTRAINT comment_pk PRIMARY KEY (video_access_number, "comment"),
CONSTRAINT video_access_number FOREIGN KEY (video_access_number)
    REFERENCES video (video_access_number)
)

format
(
format_code varchar(20) NOT NULL,
file_extension varchar(10) NOT NULL,
pixel_width int8 NOT NULL,
pixel_height int8 NOT NULL,
CONSTRAINT format_pk PRIMARY KEY (format_code),
CONSTRAINT format_uk UNIQUE (file_extension, pixel_width, pixel_height)
)

friendship
(
myself varchar(50) NOT NULL,
friend varchar(50) NOT NULL,
CONSTRAINT friendship_pk PRIMARY KEY (myself, friend),
CONSTRAINT friend_username FOREIGN KEY (friend)
    REFERENCES subscriber (username)
CONSTRAINT myself_username FOREIGN KEY (myself)
    REFERENCES subscriber (username)
)

"language"
(
"language" varchar(30) NOT NULL,
CONSTRAINT language_pk PRIMARY KEY ("language")
)

ownership
(
username varchar(50) NOT NULL,
video_access_number int8 NOT NULL,
CONSTRAINT ownership_pk PRIMARY KEY (username, video_access_number),
CONSTRAINT username FOREIGN KEY (username)
    REFERENCES subscriber (username)
CONSTRAINT video_access_number FOREIGN KEY (video_access_number)
    REFERENCES video (video_access_number)
)

subscriber
(
username varchar(50) NOT NULL, -- unique user identifier
"password" varchar(32) NOT NULL, -- user password
CONSTRAINT subscriber_pk PRIMARY KEY (username)
)

video
(
video_access_number int8 NOT NULL,
content bytea NOT NULL,
is_private bool NOT NULL,
is_free bool NOT NULL,
video_title varchar(200) NOT NULL,
is_flagged bool NOT NULL,
date_uploaded date NOT NULL,
view_hits int8 NOT NULL DEFAULT 0,
download_hits int8 NOT NULL DEFAULT 0,
thumbnail bytea NOT NULL,
CONSTRAINT video_pk PRIMARY KEY (video_access_number),
CONSTRAINT video_uk UNIQUE (content)
)

Session: A Nice To Have

Every e-commerce application must support session tracking. Unfortunately, MIDP (Mobile Information Device Profile), a J2ME (Java 2 Platform, Micro Edition) technology, supports only the standard HTTP protocol, which is stateless. In this article, Michael Juntao Yuan and Ju Long explore ways to add session support into the current MIDP network API framework. They discuss the implementations, usages, and relative merits of three approaches: using cookies, rewriting URLs, and embedding session information in XML documents.

http://www.javaworld.com/javaworld/jw-04-2002/jw-0426-wireless.html

Servletting. Wait Lang.

Matagal nang ok ang user authentication pero this time by POST na siya to a servlet [UserLogin]. In clear nga lang ang pagsend ng data so I need the encryption thing already.

Huling priority na para sa 'kin ang user sign up kasi hindi pa naman siya open to the public.

Gumagana na rin kanina ang update account. And the retrieve thumbnails, of course. Haha.

Problem is, right now hindi na gumagana bigla yung servlet. Nagsstop siya sa isang blank page at hindi nag-r-response.sendRedirect(""). Hindi ko maintindihan kung bakit.

Eniwei, kung sakaling kelangan ng servlet for the mobile to request for data, I suggest na by POST na lang ulet, at mejo fill in the blanks na lang sa class na 'to:

package rijndael;

import java.io.*;
import java.sql.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class GetVideoDataServlet extends HttpServlet {

    public GetVideoDataServlet() {
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response) {
        try {
       
            RijndaelConnect connection = new RijndaelConnect();
            HttpSession session = request.getSession(true);
            connection.executeQuery( SQL query for retrieving data );

            while(connection.getResultSet().next()) {
                Encrypt video data;
                Manipulate SQL query;
            }
                   
        } catch(Exception e) {
            e.printStackTrace();
        } finally {
        }       
    }

Java Servlet

1. Dowload Java Servlet package.
2. Include servlet.jar and server.jar in the libraries of the development workspace.
3. Run startserver.bat

BigInteger is a BigProblem

Java Cryptography
http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#RSAPrivateKeySpec
http://stellify.net/rijndael/KeyTools.java


J2ME BigInteger Support
http://www-128.ibm.com/developerworks/library/j-midpds.html
http://www.javaworld.com/javaworld/jw-12-2002/jw-1220-wireless.html
http://www.bouncycastle.org/documentation.html
http://www-128.ibm.com/developerworks/library/j-j2me/
http://java.sun.com/products/cdc/
http://java.sun.com/products/foundation/

Minimum Requirement (done stroke)

MODULE: SIGN-UP NEW USER

01M. http_request(username)
02W. process(username)
03D. unique = check_db(username)
04P. if unique [ generate(server_public_key)
05P. send(server_public_key)
06W. http_response(server_public_key)
IMPORTANT CHANGE
07M. encoded = aes_encrypt(username, password, server_public_key)
07M. encoded = dsa_encrypt(username, password, server_public_key)
08M. http_request(encoded)
09P. decoded = aes_decrypt(encoded, server_private_key)
IMPORTANT CHANGE
09P. decoded = aes_decrypt(encoded, server_private_key)
10P. password = extract(decoded)
11P. encrypted_password = tea_encrypt(password)
12D. store_db(username, encrypted_password)
13W. http_response(OK)
14X. close_connection()

MODULE: LOG-IN MOBILE USER

15M. encrypted_login = md5(username, password)
16M. http_request(username, encrypted_login)
17W. process(username, encrypted_login)
18D. encrypted_password = retrieve_db(username)
19W. password = tea_decrypt(encrypted_password)
20W. hash = md5(username, password)
21W. if (hash = encrypted_login) [ http_response(ok) ]

MODULE: DOWNLOAD VIDEO

22M. http_request(query)
23W. process(query)
24D. data_set = select_tables(query)
25W. http_response(data_set)
26M. filename = process(data_set, user_input)
27M. http_request(filename)
28W. process(filename)
29D. data_video = select_tables(filename)
30P. encrypted_video = aes_encrypt(data_video, password)
31W. http_response(encrypted_video)
32M. data_video = aes_decrypt(encrypted_video, password)
33M. play(data_video)
33X. close_connection()

M = mobile (jonas)
W = webapp dao (ia)
D = database (phillip)
P = pki / aes logic (jonas)